CVE-2022-3559
published 2022-10-17
Priority P3 · 42 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.66% (88.2th percentile)
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.96-4 (bookworm) | exim4 4.96-4 (bookworm) |
| exim | exim | < 4.97 | 4.97 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 · HIGH
vendor_debian · 4.6 · MEDIUM
Ubuntu
Exim vulnerability
vendor_ubuntu·2022-11-24
CVE-2022-3559 Exim vulnerability
Title: Exim vulnerability
Summary: Exim could be made to crash or run programs if it processed specially
crafted regular expressions.
It was discovered that Exim incorrectly handled certain regular
expressions. An attacker could use this issue to cause Exim to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2022-3559: exim4 - A vulnerability was found in Exim and classified as problematic. This issue affe...
vendor_debian·2022·CVSS 4.6
CVE-2022-3559 [MEDIUM] CVE-2022-3559: exim4 - A vulnerability was found in Exim and classified as problematic. This issue affe...
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
Scope: local
bookworm: resolved (fixed in 4.96-4)
bullseye: resolved (fixed in 4.94.2-7+deb11u4)
forky: resolved (fixed in 4.96-4)
sid: resolved (fixed in 4.96-4)
trixie: resolved (fixed in 4.96-4)
OSV
CVE-2022-3559: A vulnerability was found in Exim and classified as problematic
osv·2022-10-17·CVSS 7.5
CVE-2022-3559 [HIGH] CVE-2022-3559: A vulnerability was found in Exim and classified as problematic
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
GHSA
GHSA-86wj-xg3c-r8gx: A vulnerability was found in Exim and classified as critical
ghsa_unreviewed·2022-10-17
CVE-2022-3559 [HIGH] CWE-119 GHSA-86wj-xg3c-r8gx: A vulnerability was found in Exim and classified as critical
A vulnerability was found in Exim and classified as critical. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.exim.org/show_bug.cgi?id=2915
https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
https://lists.debian.org/debian-lts-announce/2024/10/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/
https://vuldb.com/?id.211073
2022-10-17: Published